About UEFI 'secure boot' and closing the PC platform

See also
Conspiracy\Closed_computing_electronics
Freedom\Microsoft
Freedom\Microsoft\UEFI_Secure_boot
Freedom\Intel
Freedom\Internet_sabotage

20130129 rcvd David's email about his problems with a new laptop's 'secure boot'. Urgh!

Search terms: secure boot UEFI Unified Extensible Firmware Interface CFM "compatibility firmware mode"

http://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface
http://mjg59.livejournal.com/138973.html
http://mjg59.dreamwidth.org/12368.html
http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/about

http://www.osnews.com/story/26591/How_to_Circumvent_UEFI_Secure_Boot
How to Circumvent UEFI Secure Boot
posted by Howard Fosdick on Thu 6th Dec 2012 05:26 UTC
With computers now shipping with UEFI Secure Boot enabled, users of any OS other than Windows 8 will want to know how to circumvent it.

http://www.osnews.com/comments/26591 Much good info!

Jesse Smith of DistroWatch tells how he did it here:
http://distrowatch.com/weekly.php?issue=20121126#qa Secure Boot has arrived

The Linux Foundation describes its approach here:
http://www.linuxfoundation.org/news-media/blogs/browse/2012/10/linux-foundation-uefi-secure-boot-system-open-source Linux Foundation UEFI Secure Boot System for Open Source

If you want to boot an OS other than Windows 8, you'll want to figure this out before you buy that new computer.

http://blog.hansenpartnership.com/easier-way-to-take-control-of-uefi-secure-boot-platform/ Easier Way to take control of UEFI secure boot platform
(Via: The Linux Foundation is committed to giving users freedom of choice on their platforms.
Conforming to this stance, we have already published a variety of tools to permit users to take control of their secure boot platforms by replacing the Platform Key and managing (or replacing) the installed Key Exchange Keys)

20130505
https://news.ycombinator.com/item?id=5658184 Microsoft is killing Linux shops with Secure Boot

20150326
http://www.jimstone.is/ Are Microsoft and Intel teaming up to end Linux?

Trugli wrote:
Hey James, I've been closely following Intel and Microsoft's seemingly joint approach in locking down Windows-based computers recently. Intel introduced something called "Boot Guard", which prevents the UEFI firmware from being replaced. They have made it optional for vendors, at this stage. Microsoft's UEFI still currently allows switching off "Secure Boot", as well as allowing users to install their own keys.

I didn't quite see the pattern before, until a recent post by a reader on the Phoronix forums:

"Yes, the combination of Boot Guard and forced Secure Boot is a pretty bad one. Forced secure boot means that an evil Microsoft could blacklist boot loader signatures and render Linux systems unbootable. Boot Guard ensures that defending against this by modifying or replacing UEFI becomes impossible.

The next steps on that slope are:
1. Hardware vendors must include Secure Boot function. Critics are placated with an option to disable it and the possibility for users to install their own keys.
2. Secure Boot must be enabled by default
3. Optional Boot Guard technology is introduced to prevent firmware modification
4. Secure Boot can become mandatory if the hardware vendor chooses so (we are here)
Ability to install user keys in UEFI becomes optional
Hardware vendors must enable Secure Boot permanently
Boot Guard becomes mandatory
Ability to install user keys in UEFI becomes forbidden"

This is even more worrying considering that the NSA has heavy involvement in the production of Windows.
It's quite possible that the NSA conspired with both Intel and Microsoft in order to produce this evil combination, in order to better control computing. Couple this scenario with the Elite pushing to regulate and control the Internet and you have a rather scary scenario. Next, I bet, will be blocking old computers from accessing the Internet... or, if they connect, bricking them with a hack of some sort. The future of technology just looks darker each day... :/

Jim Stone response
Telling it is that they sell this with such a re-assuring name: "Secure Boot" when we all know that it may protect you from a 12 year old hacker but is just a barn door for the NSA or anyone who pays enough to break into a computer somewhere. Thinking the NSA, under the control of Israel would actually allow any technology to block the "privileged tribe" from accessing "important anti terror info" on an inventor's hard drive would be, at this point, juvenile.

And yep, I bet Intel based computers will begin to be shipped that are permanently stuck with Windows, BONUS: AMD has never played these types of games, if this is an Intel only gig, well, I am tempted by a new A6 anyway because one was finally released that marginally beats my now almost 4 years old A6 and it would be a good idea to replace this aging machine. Common sense says I should replace it and that new A6 has my interest . . . . . I am way past the intellectual barriers required to know better than to go INTEL. The graphic to the left here says it all: U.S. Gov't Intel Inside, Member NSA!

----------------------------
20150420
From: DS
Date: Mon, 20 Apr 2015 08:44:12 +1000

Hi
This may be interesting to you... It's relevant to some detective work I'm doing re UEFI and backdoor access to PC's.
This is a good place to start.
https://www.happyassassin.net/2014/01/25/uefi-boot-how-does-that-actually-work-then/
The link to the spec is broken. Asks for a uname and pwd.
If you click to "home" and follow links you can get to it unencumbered.
No doubt you will find it absurd. It is. Nonetheless there's gold in them thar hills. e.g. did you know you can log into a sleeping PC by wake on lan and talk directly to well, I presume about everything if you know how. Also there's a standard COM port access too.
Some interesting stuff on so called "secure boot" too. Secure from whom? Well that's tba.
All of which is of course, why I wanted to work out how USB sticks and DVDs actually start. Why? Just curious I guess. MBA is effectively d.e.d. now.
All this is just FYI, but I find it pretty interesting. BTW if you have difficulty getting spec then I have a pdf.
There are so many good ideas that have been trashed into a mess of obfuscation by TPTB aren't there? Stupidity, the Brian Johnson effect, Conspiracy, who knows?
DS
----------------------------

https://www.happyassassin.net/2014/01/25/uefi-boot-how-does-that-actually-work-then/ UEFI boot: how does that actually work, then?
http://mjg59.dreamwidth.org/ mjg59’s blog
http://www.rodsbooks.com/linux-uefi/ Rod Smith
http://blog.uncooperative.org/ Peter Jones
https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface
http://www.coreboot.org/ Coreboot
https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot

Secure Boot is not the same thing as UEFI. Do not ever use those terms interchangeably. Secure Boot is a single effectively optional element of the UEFI specification, which was added in version 2.2 of the UEFI specification.

http://uefi.org/ forum

Historical Note: UEFI was not invented by, is not controlled by, and has never been controlled by Microsoft. Its predecessor and basis, EFI, was developed and published by Intel. UEFI is managed by the UEFI Forum. Microsoft is a member of the UEFI forum.
So is Red Hat, and so is Apple, and so is just about every major PC manufacturer, Intel (obviously), AMD, and a laundry list of other major and minor hardware, software and firmware companies and organizations. It is a broad consensus specification, with all the messiness that entails, some of which we’ll talk about specifically later. It is no one company’s Evil Vehicle Of Evilness.

http://www.uefi.org/specs/download tech specs --> http://www.uefi.org/specsandtesttools --> http://uefi.org/specs/access
http://msdn.microsoft.com/en-us/library/windows/hardware/jj128256.aspx Windows Hardware Certification Requirements